Ask the Experts at fi360 2016
Cybersecurity, Privacy and Network Security, and Risk Mitigation

Gary Sutherland, NAPLIA CEO
Brian Edelman, Financial Computer Inc. CEO
Paul Smith, AIF, NAPLIA SVP
SEC's 1st Cybersecurity Enforcement Proceeding

The SEC filed charges against R.T. Jones after a cyberattack on a 3rd-party web server hosting the investment firm's data. The charges were NOT focused on the firm's response to the breach or on whether there was any actual harm (there was none). Instead, the charge was a violation of the Safeguards Rule of the Securities Act of 1933 [Rule 30(a) of Regulation S-P]: the firm failed to adopt written policies and procedures reasonably designed to protect customer records and information.

The SEC and R.T. Jones reached a settlement:
- Cease and desist from further violation
- R.T. Jones fined with a penalty of $75,000
Recent NAPLIA Claims: Social Engineering and Fraud

A hacker entered the Advisor's client's system and monitored the client's communication with the Advisor, becoming aware of how they communicated (the style and language used). When the Advisor's client was away, the hacker requested a $75,000 wire transfer to a fake vendor through the client's email account, followed by another successful request.

Which policy responded?
Cybersecurity Is No Longer Optional for Financial Advisors

OCIE requires:
- Governance
- Written Information Security Policies
- Incident Response Plan
- Designation of a CISO
- Cyber Education
- Cyber Review of 3rd-Party Vendors
- Cybersecurity Tools
- Cyber Detection / Monitoring
- Periodic Cyber Risk Assessments
Cybersecurity Tools
- Monitoring / Inventory
- Managed Antivirus / Antispyware
- Managed Personal Firewall
- Managed Network Firewall
- Email Encryption
- Managed Whole Disk Encryption
- Hardware Encryption
- Wireless Encryption
- Password Manager
- Two-Factor Authentication
- Disaster Backup and Recovery
Periodic Cyber Risk Assessments
Cyber Liability Insurance

Even though you have all the cybersecurity tools in place, you can still experience a breach. Make sure a loss does not put you out of business.

Data breaches are now a fact of life. Cyber liability insurance has been available for over 10 years, yet most professionals appear not to have heard of it. Companies are now being held accountable for the private records they handle or control. Currently in the US, 46 out of 50 states have mandatory requirements for how companies must respond to leaked personally identifiable information.
1st-Party Risk: Internal Cost of a Breach (close the doors?)
- Loss of clients' personally identifiable data; total cost can be up to $300 per record
- Containing damage / forensics
- Loss of income / reputational cost
- Extortion / ransom
- Responding to clients, meeting state laws
- Credit monitoring, meeting each state's law
3rd-Party Risk: Liability for Injury to Others
- Suits arising out of unauthorized disclosure of PII
- Damage to others' information
- Others' inability to access their systems or data because of your activity
- Content liability: disparaging / infringing / plagiarizing content, erroneous advice
Insurance: What to Look For? 1st-Party Coverage
- Breach response support
- Emergency response fund
- Network extortion
- Business interruption and expense
- Electronic theft
- Data restoration
- Business reputation / PR costs

Insurance: What to Look For? 3rd-Party Coverage
- Privacy injury claims
- Network security liability of others
- Regulatory proceeding coverage with defense
- Website liability for harm done to others
- Publication of harmful content (from a breach)

Insurance: What to Look For? Cost of Coverage
Policies from A-rated carriers are running from $1,200 annually for $1 million limits for a small RIA. Costs are driven by the number of records and the applicant's current cybersecurity policies and procedures. A mid-size BD might cost $10,000 plus. The nature of the business also matters: TPAs are more expensive to insure than RIAs, and BDs more than RIAs.
Paul J. Smith, AIF, SVP of North American Professional Liability Insurance Agency, LLC (NAPLIA)

Paul manages the Investment Advisory Division at NAPLIA and is a regular presenter on risk management and insurance for investment advisors and other financial professionals. NAPLIA executives speak regularly at national conferences. Paul has served on several national panel discussions regarding best practices, claim mitigation and understanding E&O insurance for investment professionals.
Brian Edelman

Brian Edelman is an independent technology advisor and the CEO of Financial Computer, Inc., a company that provides cybersecurity, integrations and IT support to the financial services community. For more than two decades Brian and his firm have been delivering technology solutions to financial institutions and advisors. The primary mission of Financial Computer is to keep information safe. We have partnered with best-of-breed cybersecurity companies to design custom, comprehensive solutions.
Gary Sutherland, CIC, MLIS

Gary B. Sutherland has over 30 years of insurance industry experience and founded North American Professional Liability Insurance Agency, LLC (NAPLIA) in 1998. NAPLIA has grown to be one of the leading writers of professional liability insurance, specializing in financial professionals. Mr. Sutherland holds the designation of Certified Insurance Counselor (CIC), attained by only 2% of all insurance brokers, as well as certification as a Management Liability Insurance Specialist (MLIS). He previously held the position of National Sales Manager for a leading provider of professional liability insurance.
Additional Questions
Paul J Smith, Pauls@naplia.com